Blog Archives

Blog: Combatting COVID-19 through data: some considerations for privacy

April 17, 2020 boss

A blog by Elizabeth Denham, Information Commissioner 17 April 2020 There’s an often quoted line about knowing the past to understand the present. It came to mind this week, as I looked at the work we had been doing on contact tracing and location data in the context of COVID-19. Data protection law emerged in the UK out of a concern that the benefits of new technology could be lost if advances were not embraced by the population. Data protection law was seen as a way to support innovation by…

Blog: Video conferencing: what to watch out for

April 15, 2020 boss

Ian Hulme, the ICO’s Director of Assurance gives business owners, employers and managers advice about how to safely roll out the latest video conferencing technology The COVID-19 crisis is changing the way we live our lives. Keeping our distance means many of us are working from home for the first time and adapting to new ways of doing our jobs. Thankfully, technology is helping us all stay connected. Video conferencing software and apps are valuable ways of doing business, holding staff meetings and keeping in touch with colleagues. But with…

Blog: Grwipau cymunedol a COVID-19

March 30, 2020 boss

Blog gan Ian Hulme, Cyfarwyddwr Sicrwydd Rheoleiddiol yr ICO. Wrth i COVID-19 barhau i ysgubo ar draws y Deyrnas Unedig, mae mwy a mwy o bobl yn cael eu sbarduno i helpu’r rhai sy’n fwyaf agored i niwed yn ein cymunedau. Mae grwpiau eglwysig, cymdeithasau cymdogaeth a chymdeithasau trigolion yn cael eu sefydlu i gefnogi gwaith grwpiau cymunedol, gwasanaethau ac elusennau sy’n bodoli eisoes. Yn aml, mae angen i’r grwpiau hyn ymdrin â gwybodaeth bersonol sensitif a’i rhannu gydag eraill. Ac mae hynny’n golygu ystyried y gyfraith ar ddiogelu data. Os…

Blog: Community groups and COVID-19: what you need to know about data protection

March 26, 2020 boss

A blog by Ian Hulme, Director for Regulatory Assurance at the ICO. As COVID-19 continues to sweep across the UK, more and more people are driven to help the most vulnerable in our communities. Church groups, neighbourhood and residents associations are being set up to support the work of existing community groups, services and charities. Often, these groups need to handle sensitive personal information and share it with others. And that means taking account of data protection law. If you’ve just formed a community group, this may be the first time…

Blog: Don’t get caught out when it comes to pupil photos

March 9, 2020 boss

A blog by Andrew Laing, ICO Head of Data Protection Complaints We’ve issued two reprimands, which are legal warnings, recently to schools for wrongly disclosing the personal data of children. In the first case a class photograph, sent to a local newspaper by a Cheshire primary school, included the images of two pupils whose adoptive parents had refused consent for their children’s images to be shared. The second reprimand, issued to a Humberside primary school, followed a class photograph being taken and sent home to parents. The photo included the…

Blog: The benefits of sharing personal data – what can we learn from Open Banking?

January 6, 2020 boss

6 January 2020 The ICO’s Regulators’ Business Innovation Privacy Hub has recently been looking at the key data protection considerations for innovators who are working in the Open Banking space. Whilst the idea of mass data sharing is usually enough to send a shiver down any data protection practitioner’s spine, the rollout of Open Banking demonstrates the clear benefits it can bring both to consumers and organisations, while still complying with data protection law. Open Banking was instigated by the Competition and Markets Authority (CMA), which was keen to increase…

Blog: The Data Protection Fee: does your company need to pay?

December 3, 2019 boss

Paul Arnold, Deputy Chief Executive Officer/Executive Officer 03 December 2019 We have launched a campaign to contact all registered companies in the UK reminding them of their legal responsibility to pay a data protection fee. The move marks the start of an extensive programme to make sure the Data Protection Fee is paid by all those who need to pay it. Under the Data Protection Act 2018 organisations processing personal information are required to pay a data protection fee unless they are exempt. You can quickly and easily find out…

Blog: ICO and The Alan Turing Institute open consultation on first piece of AI guidance

December 2, 2019 boss

2 December 2019 A blog aimed at data scientists, app developers, business owners, CEOs or data protection practitioners, whose organisations are using, or thinking about using, artificial intelligence (AI) to support, or to make, decisions about individuals, by Simon McDougall, Executive Director Technology and Innovation What do we really understand about how decisions are made about us using artificial intelligence (AI)? The potential for AI is huge, but its implementation is often complex, which makes it difficult for people to understand how it works. And when people don’t understand a…

Blog: Data ethics and the digital economy

November 18, 2019 boss

By Simon McDougall, Executive Director – Technology Policy and Innovation, ICO 18 November 2019 How do we balance the interests of society against individual rights, on issues like facial recognition technology? How do we allocate rights and responsibilities in a world of connected devices and real-time automated decisions? How much thought does the law require organisations to put into what is ‘right’, and what their customers would reasonably expect to happen to their data? We face an increasing number of these types of questions, as we consider the practical implications of…

Blog: Why special category personal data needs to be handled even more carefully

November 14, 2019 boss

By Ian Hulme, Director for Regulatory Assurance. 14 November 2019 Imagine if your medical records, information about your sex life or your political opinions were put into the public domain so anyone could see them. When personal data is shared by mistake the effects can be extremely damaging. The General Data Protection Regulation (GDPR) recognises that some types of personal data are very sensitive and states that data controllers must give it extra protection. This is known as special category data. Special category data is information concerning a person’s: health;…